Meanwhile, a Melbourne-based cardiology group acknowledged on Thursday it was struck by ransomware in late January that encrypted patient records and scheduling calendars.

The incidents come as Australia has faced a few tough weeks of cyberattacks. For example, the country's Parliament was hit last week with what the government described as a nation-state attack that gained access to the email archives of lawmakers (see: Suspected State-Sponsored Hackers Pummel US and Australia).

Efforts to reach Toyota Australia officials on Friday weren't successful. But the company says in a statement on its website that "we believe no private employee or customer data has been accessed."

"The threat is being managed by our IT department [which] is working closely with international cybersecurity experts to get systems up and running again," the company says.

Unreachable By Phone, Email

On another part of its website, Toyota Australia writes that it's experiencing technical difficulties and that "we are currently unreachable via phone or email." The outages began late Tuesday evening, according to Caradvice.com.au.

Toyota Australia warned on its website that the cybersecurity incident affected its email and phone systems.

The company says it didn't have further information on the origin of the attack. But the effects would indicate the possibility of a ransomware infection, the file-encrypting malware that has caused IT problems worldwide over the past few years.

The Australian Cyber Security Center, the government's top cybersecurity agency, says it's assisting Toyota, but it declined to comment further on the incident. It noted that it recently provided advice on attacks that were targeting the automotive industry.

With Toyota Australia not saying much, it's difficult to determine what happened, says Chris Culnane, a cybersecurity expert and lecturer with the School of Computing and Information Systems at the University of Melbourne. The incident could stem from cybercrime, industrial espionage or even a disgruntled insider, he says.

That some of Toyota's systems remain offline is an indication that the source of intrusion may not have been isolated yet, Culnane says. Until that is uncovered, "they can't risk bringing the email servers back online," he says.

Ransomware: A Heart Stopper

The Melbourne Heart Group, which leases space at Cabrini Hospital in the Melbourne suburb of Malvern, says it was hit with a cybersecurity incident late last month in which "our patient data was encrypted."

"This means that our patients' information became inaccessible to anyone, including ourselves," the group says. "We have been assured that no patient's privacy has been compromised in any way. We are working through this issue with our I.T. provider and hope to resolve it as soon as possible."

Although the origin of the infection hasn't been discovered, it likely was a result of someone browsing a malicious website or clicking on a malicious link, the source says. The group also used a very old firewall, the source says, although workstations were running security software from a well-known vendor.

But luckily, all of the patient data was backed up and is now being restored, the source says. "It was a tricky process," the source says. Fortunately, patient data was only encrypted locally by the ransomware and not directly accessed or exfiltrated.

Although Melbourne Heart Group works out of Cabrini Hospital, the hospital says its own data storage and information systems weren't affected.

"No Cabrini data storage or patient related systems or operations have been impacted or compromised by this incident, and there has been no breach of hospital patient data," says Michael Walsh, Cabrini Health's chief executive.

Earlier this week, Australian Prime Minister Scott Morrison declined to lay blame for the cyberattacks against Parliament. The government continues to investigate. Some forensic evidence, however, was destroyed as a result of having to take quick remediation, officials said.

As in many nation-state attacks, China fell under suspicion. But on Friday, China Foreign Ministry spokesman Geng Shuang dismissed the suggestion that it was behind the attacks against Parliament, calling it "baseless speculation," the ABC reported.

About the Author

Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.
